This step explains how to download and install cert-manager, required for Apigee hybrid to operate.
Install cert-manager
- Use the following command to install cert-manager v1.13.0 from GitHub.
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
You should see a response that the cert-manager namespace and several cert-manager resources have been created. For example:
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured ... mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
- Use the following command to verify the successful creation of cert-manager namespace and its corresponding components:
kubectl get all -n cert-manager -o wide
Your output should be similar to the following example. You should see pods for
cert-manager,cert-manager-cainjector, andcert-manager-webhook.NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/cert-manager-abcd1234-7hkt9 1/1 Running 0 35s 10.20.x.x gke-hybrid-on-apigee-data-abcd1234-3d54 <none> <none> pod/cert-manager-cainjector-abcd1234-6lb4k 1/1 Running 0 35s 10.20.x.x gke-hybrid-apigee-runtime-abcd1234-5hmn <none> <none> pod/cert-manager-webhook-abcd1234-c8bg9 1/1 Running 0 35s 10.20.x.x gke-hybrid-apigee-runtime-abcd1234-fk39 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/cert-manager ClusterIP 10.24.x.x <none> 9402/TCP 35s app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager service/cert-manager-webhook ClusterIP 10.24.x.x <none> 443/TCP 35s app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR deployment.apps/cert-manager 1/1 1 1 35s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.13.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager deployment.apps/cert-manager-cainjector 1/1 1 1 35s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.13.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector deployment.apps/cert-manager-webhook 1/1 1 1 35s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.13.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR replicaset.apps/cert-manager-abcd1234 1 1 1 35s cert-manager-controller quay.io/jetstack/cert-manager-controller:v1.13.0 app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=abcd1234 replicaset.apps/cert-manager-cainjector-abcd1234 1 1 1 35s cert-manager-cainjector quay.io/jetstack/cert-manager-cainjector:v1.13.0 app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=abcd1234 replicaset.apps/cert-manager-webhook-abcd1234 1 1 1 35s cert-manager-webhook quay.io/jetstack/cert-manager-webhook:v1.13.0 app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=abcd1234
Summary
You now have cert-manager installed, and you are ready to install the Apigee hybrid custom resource definitions (CRDs).